Privacy & GRC Specialist

Data governance, Data mapping, Governance, COSO, CISSP, CISM, CISA, CIPP, Audit, ISO/IEC 27001:2005, ISO 9000, IT risk, Information security, Legal, JD, Privacy, Policies and procedures, Risk assessment, SAP GRC, Sarbanes-Oxley, NIST, HIPAA, Compliance, data privacy, privacy policy, privacy law, GDPR, CCPA, OneTrust, TrustedArc, Prevalent, Priva, ThirdPartyTrust, CRISC, CTPRP, GRC
Full Time
$120,000 - $140,000
Travel required to 10%.

Job Description

Are you a successful Information Security professional who enjoys working with reputable business organizations to exercise and maintain their Privacy & GRC programs?

We have a Privacy & GRC Specialist role available within the New York office of a large international law firm.

Role Overview:

You are a Privacy & GRC SME with a knack for creating and executing programs to maintain policies and procedures pertaining to IT risk, security, and compliance. You should:

  • Have a track record of developing and maintaining standards and guidelines for global business organizations to successfully operate
  • Be a dictionary when it comes to US and international privacy regulations and compliance assessments:
    • The GDPR, CCPA, SSAE18 SOC 2, ISO, NIST, HIPAA, GLBA, SOX and the COSO framework are all second nature to you
  • Be a pro when it comes to data governance and third-party compliance and risk assessment methodologies

In this role, you will work closely with the Director of Information Security to ensure the Firm has all necessary policies, standards, procedures, and processes in place with regard to data confidentiality, integrity, and availability, as required by clients and regulatory requirements.

You thrive in a team-oriented environment where you can put your project management skills to good use while regularly interfacing with a broad range of people and roles. You can:

  • Read, understand, and reference policies, standards, and guidelines as they pertain to information security, and identify instances of non-conformity
  • Create and update all documents related to ISO27001 and assist with ISO27001 audits
  • Develop, implement, and update the Firm’s US and international privacy policies, procedures and processes
  • Organize initial and ongoing information privacy training for all staff
  • Perform periodic risk assessments and ongoing compliance monitoring
  • Participate in the development and review of business associate and qualified service organization agreements to ensure that all privacy concerns, requirements, and responsibilities are addressed
  • Develop, implement, and manage data governance policies, procedures, and processes to ensure the availability, usability, integrity, and security of the data employed in the Firm
  • Identify old data and create life-cycle governance around all data in the Firm
  • Create policies governing access to the Firm’s data by third parties
  • Handle third-party vendor management processes and procedures with regard to data governance, risk, and compliance

Education, Experience and Technical Skills required:

  • Bachelor’s degree with a minimum of six (6) years of combined experience with information security, privacy, and third-party management programs in a global enterprise
  • At least one (1) industry certification required from: CISSP, CRISC, CISM, CTPRP, CISA, or CIPP
  • Experience with privacy platforms, including: OneTrust VRM, TrustedArc, Prevalent, Priva, ThirdPartyTrust and others
  • Experience with data mapping
  • Legal background is a plus (JD or equivalent prior legal experience or education)
  • Ability to travel within USA and abroad when business travel resumes. Travel will be no more than 20% a year, depending on the distance
Dice Id : 10486491
Position Id : 6738548
Originally Posted : 3 months ago